Ubuntu
bacula package

Bug #222558
Comment #6

Comment 6 for bug 222558

Revision history for this message

Kern Sibbald (kern) wrote on 2008-09-24: Re: [Bug 222558] Re: password in bacula-fd.conf is not auto-generated

On Wednesday 24 September 2008 11:13:20 Ante Karamatić wrote:
> I'll mark this bug as 'medium' at the moment. But this should be
> resolved as soon as possible.
>
> Kern, of course, any code would be welcome. It's clear that we should
> generate password on postinstall of package, not during compile-time.
>
> ** Changed in: bacula (Ubuntu)
> Importance: Undecided => Medium
> Status: New => Confirmed

I am not (yet) a Debian packaging expert, so I asked the Bacula .deb guy
(Eric), and this is his response. Sorry for emailer wrapping, but you can
probably figure it out.

On Wednesday 24 September 2008 16:18:58 you wrote:
> Hello Eric,
>
> Do you have some .deb magic I could send off to the Ubuntu Bacula
> maintainers so that they can generate random passwords when installing
> Bacula?

I use the bacula-common configuration script (debian/bacula-common.config) to
compute and store random password for all bacula packages. (my template file
is ok too)

After that, i use special strings to replace password in configuration file
(like for RPM)

./configure ...
          --with-dir-password="XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX" \
          --with-fd-password="XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX" \
          --with-sd-password="XXX_REPLACE_WITH_STORAGE_PASSWORD_XXX" \
          --with-mon-dir-password="XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX"
\
          --with-mon-fd-password="XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX"
\
          --with-mon-sd-password="XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX"
\

At the end, i just have to replace XXX_...XXX strings by what we have computed
in each
package.postinst script.

        db_get bacula/director_mpasswd
        db_dir_mpass="$RET"
        db_get bacula/fd_mpasswd
        db_fd_mpass="$RET"
        db_get bacula/sd_mpasswd
        db_sd_mpass="$RET"
        db_stop

        sed \
            -e "s%XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX%$db_dir_mpass%"
\
            -e "s%XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX%$db_sd_mpass%"
\
            -e "s%XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX%$db_fd_mpass%"
\
          < $SRCDIR/$CONFIG > $TARGET

At the end, if you configure FD/SD/DIR/Console on the same box, all your
passwords
will be ok.

They have also to remove the XXAddress = 127.0.0.1 from all configuration
file.

On Wednesday 24 September 2008 11:13:20 Ante Karamatić wrote:
> I'll mark this bug as 'medium' at the moment. But this should be
> resolved as soon as possible.
>
> Kern, of course, any code would be welcome. It's clear that we should
> generate password on postinstall of package, not during compile-time.
>
> ** Changed in: bacula (Ubuntu)
>    Importance: Undecided => Medium
>        Status: New => Confirmed

I am not (yet) a Debian packaging expert, so I asked the Bacula .deb guy 
(Eric), and this is his response.  Sorry for emailer wrapping, but you can 
probably figure it out.

I use the bacula-common configuration script (debian/bacula-common.config) to
compute and store random password for all bacula packages. (my template file 
is ok too)

After that, i use special strings to replace password in configuration file 
(like for RPM)

./configure ... 
          --with-dir-password="XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX" \
          --with-fd-password="XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX" \
          --with-sd-password="XXX_REPLACE_WITH_STORAGE_PASSWORD_XXX" \
          --with-mon-dir-password="XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX" 
\
          --with-mon-fd-password="XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX" 
\
          --with-mon-sd-password="XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX" 
\

At the end, i just have to replace XXX_...XXX strings by what we have computed 
in each
package.postinst script.

db_get bacula/director_mpasswd
        db_dir_mpass="$RET"
        db_get bacula/fd_mpasswd
        db_fd_mpass="$RET"
        db_get bacula/sd_mpasswd
        db_sd_mpass="$RET"
        db_stop

sed \
            -e "s%XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX%$db_dir_mpass%" 
\
            -e "s%XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX%$db_sd_mpass%" 
\
            -e "s%XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX%$db_fd_mpass%" 
\
          < $SRCDIR/$CONFIG > $TARGET

At the end, if you configure FD/SD/DIR/Console on the  same box, all your 
passwords
will be ok.

They have also to remove the XXAddress = 127.0.0.1 from all configuration 
file.

Ubuntubacula package

Comment 6 for bug 222558

Ubuntu
bacula package